CVE-2023-24820

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions RIOT-OS versions prior to 2022.10

Description The issue affects the network stack of RIOT-OS, an operating system for Internet of Things devices, which can process 6LoWPAN frames. An attacker can send a crafted frame, resulting in a large out of bounds write beyond the packet buffer. This write creates a hard fault exception after reaching the last page of RAM. Since the hard fault is not handled, the system becomes stuck until it is reset, leading to a denial of service.

Recommendations For versions prior to 2022.10, update to version 2022.10 to resolve the issue. As a temporary workaround for versions prior to 2022.10, apply the patch manually.

Exploit

Fix

Integer Underflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-191CWE-787

Related Identifiers

CVE-2023-24820

GHSA-VPX8-H94P-9VRJ

Affected Products

Riot-Os

CVE-2023-24820

Weakness Enumeration

Related Identifiers

Affected Products

References · 8